1. Technical Field
This disclosure relates generally to securing information in a cloud computing or other shared deployment environment wherein disparate parties share Information Technology (IT) resources.
2. Background of the Related Art
An emerging information technology (IT) delivery model is cloud computing, by which shared resources, software and information are provided over the Internet to computers and other devices on-demand. When multiple parties share resources within a cloud computing and other such shared deployment model, a compelling transformation and reduction in their IT costs (from fixed to variable) can be achieved. Using this approach, companies can extend computing and storage capacity elastically to match demand, shift operational and capital costs to an external data center, free IT staff to focus on new projects, and more. Cloud compute resources are typically housed in large server farms that run networked applications, typically using a virtualized architecture wherein applications run inside virtual servers, or so-called “virtual machines” (VMs), that are mapped onto physical servers in a data center facility.
Emerging cloud environments are being created out of existing IT infrastructures that are being adapted to support cloud-based services. One key characteristic of cloud computing that is different from existing environments is the requirement for so-called “multi-tenant” support, sometimes referred to as multi-customer single deployment. To satisfy this requirement, service providers have to be able to isolate different customer usage of the cloud services. Indeed, typically one of the most significant barriers keeping an enterprise customer from utilizing such resources is the ability to gauge a provider's security posture in relation to its own security compliance requirements.
In particular, shared environments have the potential to expose unprotected data to malicious attacks, hacking, and introspection by third parties, both intentional and otherwise. The service provider thus needs to maintain isolation among the specific customers that are sharing cloud resources. Thus, such systems need to ensure end-to-end trust and security of customer data regardless of the underlying networks, platforms, virtualization mechanism or middleware. Some of these problems can be addressed by the isolation of data and resources, and the use of VPNs and other such access mechanisms, but many cloud datacenters use non-traditional physical network configurations that negate traditional network isolation and that complicate VPN keying techniques. Presently, there is no single standard or obvious mechanism in place to provide data security across all layers of a customer's virtual domain.
Most companies that desire to use cloud computing and other shared deployment models assign high value to their data and applications, and they consider them valuable intellectual property (IP). As noted above, these enterprises also may have legal, regulatory and/or their own corporate security policies that obligate them to preserve, at great length, the confidentiality of the data their applications access. One assumption in solving this problem is that encryption of data on a per-tenant basis within such shared/cloud infrastructures is necessary to address the needs of customers with sensitive data and/or highly confidential applications that use such data. To this end, one approach that has been suggested to address this problem is to have companies that wish to use public datacenters externally manage the encryption of their own data as a best defense against attacks within a shared infrastructure. This approach, however, reduces the usefulness of the data when valid accesses are needed to enable business workflows, since the management of the encryption (e.g., keys, authentication, and the like) and authentication/authorization protocols becomes a significant burden on the cloud customer.
Further, the complexity involved for shared datacenter providers to support end-to-end cryptographic security at all levels of a virtualized datacenter using existing key management systems, such as Public Key Infrastructure (PKI), has been prohibitive. This is because PKI-based encryption techniques are designed to establish trust and secure/encrypted data between two parties or endpoints. Although this may be sufficient for simple data/message exchange, in the more advanced workflows that are present in a cloud infrastructure, data traverses many endpoints and involves many services and resources over which the customer has no direct control. Further, attempts to employ PKI-based techniques are also unwieldy due to the need to manage the many public/private key pairs and their associated security policies. Indeed, in the worst case, every endpoint has a separate public/private key pair and security policy for handling the customer's data. Another problem with a PKI-based approach is that there is no means to renew the end-to-end security system, or to revoke or classify devices or system resources based upon relative levels of trust. Exposing such functionality to customers at the level of granularity needed in a complex environment also becomes untenable. Managing keys across hybrid or multi-cloud environments only compounds these issues.
Thus, there remains a need for an approach that provides for strong encryption of data yet is more easily manageable for both the shared datacenter provider and the companies that wish to subscribe to them.